| author | Tim Graham <timograham@gmail.com> | 2013-09-25 09:33:29 -0400 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2013-10-22 20:24:26 -0400 |
| commit | 2e74d6cb53a38c4cc08d4a069157be335a486ddd (patch) | |
| tree | 53d9ece3394759e34a02337c8bdd0ae3271321e4 | |
| parent | 4499dc81e2fb4d61fca7a988ee6198caf71ca173 (diff) | |
[1.6.x] Added 1.5.5 and 1.4.9 release notes
Backport of 2eb8f15516 from master
| -rw-r--r-- | docs/releases/1.4.9.txt | 21 | ||||
| -rw-r--r-- | docs/releases/1.5.5.txt | 33 | ||||
| -rw-r--r-- | docs/releases/index.txt | 2 |
3 files changed, 56 insertions, 0 deletions
diff --git a/docs/releases/1.4.9.txt b/docs/releases/1.4.9.txt new file mode 100644 index 0000000000..de66eb78f8 --- /dev/null +++ b/docs/releases/1.4.9.txt @@ -0,0 +1,21 @@ +========================== +Django 1.4.9 release notes +========================== + +*October 22, 2013* + +Django 1.4.9 fixes a security-related bug in the 1.4 series and one other +data corruption bug. + +Readdressed denial-of-service via password hashers +-------------------------------------------------- + +Django 1.4.8 imposes a 4096-byte limit on passwords in order to mitigate a +denial-of-service attack through submission of bogus but extremely large +passwords. In Django 1.5.5, we've reverted this change and instead improved +the speed of our PBKDF2 algorithm by not rehashing the key on every iteration. + +Bugfixes +======== + +* Fixed a data corruption bug with ``datetime_safe.datetime.combine`` (#21256). diff --git a/docs/releases/1.5.5.txt b/docs/releases/1.5.5.txt new file mode 100644 index 0000000000..9e1cf97cc9 --- /dev/null +++ b/docs/releases/1.5.5.txt 
@@ -0,0 +1,33 @@ +========================== +Django 1.5.5 release notes +========================== + +*October 22, 2013* + +Django 1.5.5 fixes a couple security-related bugs and several other bugs in the +1.5 series. + +Readdressed denial-of-service via password hashers +-------------------------------------------------- + +Django 1.5.4 imposes a 4096-byte limit on passwords in order to mitigate a +denial-of-service attack through submission of bogus but extremely large +passwords. In Django 1.5.5, we've reverted this change and instead improved +the speed of our PBKDF2 algorithm by not rehashing the key on every iteration. + +Properly rotate CSRF token on login +----------------------------------- + +This behavior introduced as a security hardening measure in Django 1.5.2 did +not work properly and is now fixed. + +Bugfixes +======== + +* Fixed a data corruption bug with ``datetime_safe.datetime.combine`` (#21256). +* Fixed a Python 3 incompatability in ``django.utils.text.unescape_entities()`` + (#21185). +* Fixed a couple data corruption issues with ``QuerySet`` edge cases under + Oracle and MySQL (#21203, #21126). +* Fixed crashes when using combinations of ``annotate()``, + ``select_related()``, and ``only()`` (#16436). diff --git a/docs/releases/index.txt b/docs/releases/index.txt index 3facc9fb49..27bc8f864c 100644 --- a/docs/releases/index.txt +++ b/docs/releases/index.txt @@ -29,6 +29,7 @@ Final releases .. toctree:: :maxdepth: 1 + 1.5.5 1.5.4 1.5.3 1.5.2 @@ -40,6 +41,7 @@ Final releases .. toctree:: :maxdepth: 1 + 1.4.9 1.4.8 1.4.7 1.4.6 |
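Review bot: In docs/releases/1.4.9.txt, the password-hasher paragraph reads "In Django 1.5.5, we've reverted this change", but this file is the 1.4.9 notes and the preceding sentence refers to 1.4.8. The sentence looks copied from the 1.5.5 notes and should say "In Django 1.4.9". In the same file, the intro "a security-related bug in the 1.4 series and one other data corruption bug" reads as if the security fix were also a data corruption bug; "and one data corruption bug" would avoid that.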
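Review bot: In docs/releases/1.5.5.txt, the "Properly rotate CSRF token on login" section says only that the 1.5.2 behavior "did not work properly" and, unlike the Bugfixes entries, cites no ticket. State what failed (the heading implies the token was not being rotated on login) and add the ticket reference so that readers running a release between 1.5.2 and this one can judge whether the hardening they expected was in effect. In the Bugfixes list, "incompatability" should be "incompatibility", and "a couple security-related bugs" and "a couple data corruption issues" should read "a couple of".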
